G Suite Google App Login with AWS Single Sign-On and Amazon Connect
AWS Policy: AWS-Connect-Resource-Permission
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Action": "connect:GetFederationToken",
            "Resource": [
                "arn:aws:connect:REGION-ID:ACCOUNT-ID:instance/RESOURCE-ID/user/${aws:userid}"
            ]
        }
    ]
}
AWS Connect Classic Version Endpoint:
https://REGION-ID.console.aws.amazon.com/connect/federate/REGION-ID?destination=%2Fconnect%2Fccp
AWS Connect Modern Version Endpoint:
https://REGION-ID.console.aws.amazon.com/connect/federate/RESOURCE-ID?destination=%2Fconnect%2Fccp-v2
G Suite SAML Attributes for AWS:
IAM_Role - Text - Multi-value - Admin&User
SessionDuration - Whole number - Single Value - Admin&User
AWS Connect Google SAML App Configuration:
ACS URL *: https://signin.aws.amazon.com/saml
Entity ID *: https://signin.aws.amazon.com/saml
Start URL: https://REGION-ID.console.aws.amazon.com/connect/federate/RESOURCE-ID?destination=%2Fconnect%2Fccp-v2
G Suite SAML Attributes Assertion:
https://aws.amazon.com/SAML/Attributes/RoleSessionName - Basic Information - Primary Mail
https://aws.amazon.com/SAML/Attributes/Role - AWS SAML - IAM_Role
https://aws.amazon.com/SAML/Attributes/SessionDuration - AWS SAML - SessionDuration
Attach AWS SAML Roles to Users:
IAM_Role: IDENTITY ARN,ROLE ARN
SessionDuration: 28800
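
A pre-deployment check for the values above, added here as an example and not part of the original gist: it flags an Allow statement that is broader than the per-user `${aws:userid}` grant, a malformed IAM_Role pair, and a SessionDuration outside the 900 to 43200 second range AWS accepts for that SAML attribute. The function names, account ID and role/provider names are assumptions made for illustration.

```python
import re

# ARN shapes for the two halves of an IAM_Role value (standard "aws" partition assumed).
ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=.@/-]+$")
IDP_ARN = re.compile(r"^arn:aws:iam::\d{12}:saml-provider/[\w._-]+$")
SELF_SCOPE = "/user/${aws:userid}"  # suffix that limits the token to the caller's own user
PLACEHOLDERS = ("REGION-ID", "ACCOUNT-ID", "RESOURCE-ID")

def check_role_attribute(value):
    """Check one IAM_Role value: two comma-separated ARNs, accepted in either order."""
    parts = [p.strip() for p in value.split(",")]
    if len(parts) != 2:
        return ["expected exactly two comma-separated ARNs"]
    problems = []
    if not any(IDP_ARN.match(p) for p in parts):
        problems.append("no SAML provider (identity) ARN")
    if not any(ROLE_ARN.match(p) for p in parts):
        problems.append("no IAM role ARN")
    return problems

def check_session_duration(value):
    """SessionDuration must be whole seconds within the 900..43200 range."""
    text = str(value)
    if not text.isdecimal() or not 900 <= int(text) <= 43200:
        return ["SessionDuration must be a whole number of seconds in 900..43200"]
    return []

def check_policy(policy):
    """Flag Allow statements broader than the self-scoped grant in the policy above."""
    problems = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        actions, resources = st.get("Action", []), st.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        problems += [f"wildcard action: {a}" for a in actions if "*" in a]
        for r in resources:
            if not r.endswith(SELF_SCOPE):
                problems.append(f"resource not limited to the caller's user: {r}")
            if any(p in r for p in PLACEHOLDERS):
                problems.append(f"unfilled placeholder in: {r}")
    return problems

if __name__ == "__main__":
    # Constructed sample value; the account ID and names are placeholders.
    sample = "arn:aws:iam::123456789012:saml-provider/GoogleApps,arn:aws:iam::123456789012:role/ConnectAgent"
    print(check_role_attribute(sample), check_session_duration("28800"))
```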